Tag: CCO

Categories
The Compliance Life

Maria D’Avanzo – Moving into the CCO Chair

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Maria D’Avanzo. We discuss Maria’s journey from a real estate and probate lawyer to compliance, then CCO chair, and now as the Chief Evangelist Officer at Traliant.

After for 2.5 years at AIG, Maria moved to Cushman & Wakefield where she became the Chief Ethics and Compliance Officer and Chief Data Privacy Officer. In this role, she led an innovative and commercially focused global compliance and privacy team to support ethical decision-making and risk management needs of Cushman & Wakefield, a global leader in commercial real estate services with 53,000+ employees worldwide, where she learned that compliance is one of the hardest jobs (if not the hardest) in any company.  To be effective, employees need to know who you are, trust and have faith in you, and see your “human side”.  One of Cushman & Wakefield’s CEOs taught me that the best way to accomplish this is to go to where the employees are and listen to them over a cup of coffee.

Resources

Maria D’Avanzo LinkedIn Profile

Traliant.com

Categories
FCPA Compliance Report

Tomell Ceasar and the Middle East and Africa Compliance Association

In this episode of the FCPA Compliance Report, I am joined by Tomell Ceasar. He is the Group Head of Ethics and Compliance at Careem (An Uber Company). He is one of the founders of the Middle East and Africa Compliance Association (MEACA). Some of the highlights include:

1.     What is it like practicing compliance in EAME?

2.     EAME is a huge amount of territory to cover with many different countries and cultures.

3.     How does that play into compliance for the region?

4.     Training in EAME.

5.    Genesis of MEACA.

6.    What do you and the other founders hope to accomplish through MEACA?

 7.    What are the requirements for membership?

Resources

Tomell Ceasar on LinkedIn

The Middle East and Africa Compliance Association

Categories
Compliance Into the Weeds

Suicide Prevention Hotline and a Speak Up Culture

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, we look at the implementation of a national suicide prevention hotline, 988, and consider what it might teach compliance professionals. Highlights and questions posed include:

·      What is the new national Suicide Prevention hotline?

·      How does it inform your corporate hotline and speak up culture?

·      How do you teach the trait of listening?

·      Engaged employees are more effective employees.

·      How easy are the mechanics of your hotline to navigate?

Resources

Matt in Radical Compliance

Categories
The Compliance Life

Maria D’Avanzo – Move to Compliance

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Maria D’Avanzo. We discuss Maria’s journey from a real estate and probate lawyer to compliance,  then CCO chair, and now as the Chief Evangelist Officer at Traliant.  

The 2008 financial crisis caused a downturn in real estate work so Maria sold her law practice. This precipitated her move into the compliance field. Maria began her first compliance role at a real estate focused private equity shop. Here she registered investment adviser and broker dealer entities and obtained series 7, 63 and 24 licenses.  After four years, Maria moved to Deputy Chief Compliance Officer at AIG Asset Management where she led a team of compliance professionals handling regulatory compliance matters on behalf of both registered investment advisers and broker dealer entities in North America.

Resources

Maria D’Avanzo LinkedIn Profile

Traliant.com

Categories
The Compliance Life

Maria D’ Avanzo – Academic Background and Early Professional Career

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Maria D’ Avanzo. We discuss Maria’s journey from a real estate and probate lawyer to compliance,  then CCO chair, and now as the Chief Evangelist Officer at Traliant.

Maria attended the College of the Holy Cross and St. John’s University School of Law. Her early professional career included working at a boutique litigation shop in White Plains, NY, defending mass tort litigations involving repetitive stress injury claims. She then moved to a small insurance defense firm also, White Plains. She and her husband founded a small law practice focusing on real estate and small business transactions.

Resources

Maria D’ Avanzo LinkedIn Profile

Traliant.com

Categories
Blog

A Caremark Retrospective: Part III – Lessons for Today

Over this short blog post series I have been exploring the original Caremark and Stone v. Ritter decisions from the Delaware Supreme Court. The former decision was released in 1996 and the latter, some ten years later in 2006. The original Caremark decision laid the foundation for the modern obligations of Boards of Directors in oversight of compliance in general and a company’s risk management profile in particular. Stone v. Ritter confirmed the ongoing vitality of the original Caremark decision. In Part 1, we reviewed the underlying facts of the Caremark decision and in Part II, we considered the court holdings and rationales in Caremark and Stone v. Ritter. Today, I want to review what those decisions mean for today’s Board of Directors, Chief Compliance Officer (CCO) and compliance professional.

Bribery, Fraud and Corruption

One of the things that struck me about both decisions was how timely the underlying facts were. In Caremark, a 1996 decision with the corruption going back into the 1980s, the case involved a company which provided patient care and managed care services and a substantial part of the revenues generated by the company was derived through third party payments, insurers, and Medicare and Medicaid reimbursement programs. Medicare and Medicaid payments were governed under the Anti-Referral Payments Law (“ARPL”) which prohibited health care providers (HCPs) from paying any form of remuneration (i.e., kickbacks) to physicians to induce them to refer Medicare or Medicaid patients to Caremark products or services.

To get around this prescription, Caremark entered various contracts for services (e.g., consultation agreements and research grants) with physicians at least some of whom prescribed or recommended services or products that Caremark provided to Medicare recipients and other patients. Moreover, Caremark had a decentralized governance and operational structure which allowed wide latitude to the business units to enter into such agreements without corporate or any centralized compliance or legal oversight. The results were about what you would expect.

In Stone v. Ritter, the AmSouth bank was induced to open a custodial account for two investment advisers who induced some 40 investors into a fraudulent investment, involving the construction of medical clinics overseas, by misrepresenting the nature and the risk of that investment. The bank provided custodial accounts for the investors and to distribute monthly interest payments to each account upon receipt of a check from the investment advisors. The scheme went on for about two years before the sapped investors stopped getting paid and began to contact the bank.

Federal bank examiners examined AmSouth’s compliance with its reporting and other obligations under the Bank Secrecy Act (BSA). AmSouth “entered into a Deferred Prosecution Agreement (“DPA”) in which AmSouth agreed: first, to the filing by USAO of a one-count Information in the United States District Court for the Southern District of Mississippi, charging AmSouth with failing to file SARs; and second, to pay a $40 million fine. In conjunction with the DPA, the USAO issued a “Statement of Facts,” which noted that although in 2000 “at least one” AmSouth employee suspected that Hamric was involved in a possibly illegal scheme, AmSouth failed to file SARs in a timely manner.” From my reading of these facts, it appears that there was ample evidence an illegal scheme was ongoing, and a Suspicious Activity Report (SAR) should have been filed. As with the underlying facts of Caremark, the underlying facts of Stone v. Ritter are still the basis for enforcement actions today.

Caremark – The Evolution of Board Duties

To create the modern Caremark Doctrine the Delaware Supreme Court had to overcome prior existing Delaware law regarding the board’s obligations. That decision from 1963, is known as  Allis-Chalmers, addressed the question of potential liability of board members for losses experienced by the corporation as a result of the corporation having violated US antitrust laws. There was no claim in that case that the directors knew about the behavior of subordinate employees of the corporation that had resulted in the liability.

Rather,  the claim asserted was that the directors ought to have known of it and if they had known they would have been under a duty to bring the corporation into compliance with the law and save the corporation from the loss. In Allis-Chalmers the Court found “absent cause for suspicion there is no duty upon the directors to install and operate a corporate system of espionage to ferret out wrongdoing which they have no reason to suspect exists.” As there were no grounds for suspicion in by the board, the directors were blamelessly unaware of the conduct leading to the corporate liability.

The Court found that the obligations for a board had evolved significantly from 1963, most notably in three areas. First, in the area of corporate takeovers, the court viewed “the seriousness with which the corporation law views the role of the corporate board.” The second area was the recognition as an “essential predicate for satisfaction of the board’s supervisory and monitoring role under Section 141 of the Delaware General Corporation Law.” The third and final change was the 1992 US Sentencing Guides and the “potential impact of the federal organizational sentencing guidelines on any business organization. Any rational person attempting in good faith to meet an organizational governance responsibility would be bound to take into account this development and the enhanced penalties and the opportunities for reduced sanctions that it offers.”

To effectuate this change, the court stated “I am of the view that a director’s obligation includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards.” Moreover, “it is important that the board exercise a good faith judgment that the corporation’s information and reporting system is in concept and design adequate to assure the board that appropriate information will come to its attention in a timely manner as a matter of ordinary operations, so that it may satisfy its responsibility.”

Conclusion

It is this final language which forms the basis of the modern Caremark Doctrine. There has been expansion of the Doctrine from this basic language over the past 25 years. Hopefully every board is aware of their obligations and are actually meeting them. However, every CCO and compliance professional needs to make the board aware of its Caremark obligations and then educate them on how to fulfill those obligations.

Categories
Corruption, Crime and Compliance

Episode 244 – Building a Compliance Program Dashboard

Chief compliance officers have access to a vast amount of data generated by their compliance programs. CCOs have to establish effective monitoring processes. A critical part of this process is to build a compliance program dashboard. This is a practical issue of real importance. In this episode, Michael Volkov reviews this important issue.

Categories
FCPA Compliance Report

Susannah Hammond on Thomson Reuters 2022 Cost of Compliance Report

In this episode of the FCPA Compliance Report, I am joined by Susannah Hammond, Senior Regulatory Intelligence Expert at Thomson Reuters, on the firm’s 2022 Cost of Compliance Report. Some of the highlights include:

  1. The genesis of this report.
  2. Why can this Report be seen as cathartic?
  3. What was the genesis of this report?
  4. What areas have the greatest need for compliance functionality?
  5. What are the top 3 challenges for compliance functions and compliance professionals over the next 12 months?
  6. Why is culture still such a challenge?
  7. Where does the Report see compliance down the road
  8. Why will changes in regulations continue to be a key challenge?
  9. How concerned are compliance professionals about CCO and compliance personnel liability?

Resources

Susannah Hammond on LinkedIn

2022 Cost of Compliance Report, here

Thomson Reuters Regulatory Intelligence website

The Compliance Clarified podcast series

Categories
Blog

To Increase Resilience in Compliance, Engage More

If there is one thing I have learned in working with Carsten Tams, Ethical Business Architect and founder and Chief Executive Officer (CEO) of Emagence LLC, it is that one of the very top keys for a successful compliance program is employee engagement. Tams and I explored this topic in the popular podcast series, Design Thinking in Compliance. It also appears that engagement can lead to great business resiliency based upon a 2021 article in the MIT Sloan Management Review, entitled The Top 10 Findings on Resilience and Engagement, by Marcus Buckingham. After Covid 19 and the Russian invasion has changed business forever which has made business resiliency a key trait for any business, corporate function and most especially a Chief Compliance Officer (CCO) or compliance professional. That last arena is where engagement is so critical.

The author defined resilience as “the capacity of an individual to withstand, bounce back from, and work through challenging circumstances or events.” But it is also a “reactive capacity, describing how people will respond when challenges arise.” Conversely, engagement was seen as proactive state of mind. The authors defined the criteria by making such inquiries “as how clear their expectations were, whether they got to use their strengths every day, whether they felt they would be recognized for doing excellent work, and whether someone at work was encouraging them to grow.” Yet the most interesting part is the dichotomy between reactive and proactive. It is a bit like the difference in prevention and detection in a compliance program; clearly the former is preferred to stop illegal or unethical conduct so you do not have to detect it.

Not surprisingly, trust is the number 1 factor in both engagement and resilience. Astoundingly the author found “employees who said they completely trust their team leader were 14 times more likely to be fully engaged.” Moreover, those employees who completely trusted their colleagues, team leader, and senior leaders, “were 42 times more likely to be highly resilient.” The reason should seem obvious as it is certainly “easier to engage in our best work when we don’t have to expend mental resources looking over our shoulders or protecting ourselves against dysfunctional workplace practices that erode trust, like bullying or micromanaging. When it comes to building engagement and resilience, trust is everything.” [emphasis added throughout]

Teamwork is also a key factor. Although this is not something I have experienced over the past 12 years of working alone, the author found, “Those who said they are on a team were 2.6 times more likely to be fully engaged and 2.7 times more likely to be highly resilient than those who didn’t identify as team members. For millennia, humans have experienced psychological well-being only when they feel connected to and supported by a small group of people around them.” When the pandemic hit, working from home (WFH) was not new to me as I had been doing it since 2010 but even in the WFH or Hybrid Work era, most employees need to feel like they are a part of a team.

However, being or even feeling like you are a part of a team is a state of mind, not a state of place. I always feel like I am engaged with my blog posts and article readers, my podcast listeners and the greater compliance community. Based on that experience, I certainly agree with the author’s statement that “engagement and resilience are about who you work with, not where you’re working.” Moreover, he noted, “virtual workers are both more engaged and more resilient than those who are physically in an office or shared workspace… In 2020, well into the pandemic, 20% of virtual workers were fully engaged and 18% were highly resilient — a stark contrast to the 11% of fully engaged and 9% of highly resilient office-based workers during the same period. How the work is done and with whom people work are both important, but organizations can stop worrying about whether virtual work is detrimental to teamwork.” But even more than teamwork, it is about having relationships with your co-workers. The author stated, “Relationships boost resilience. Women are not more resilient than men, or vice versa… This data strongly suggests that it is much harder to summon and sustain one’s resilience when going through life alone.”

I can certainly attest that the unknown is more terrifying than change. The author found that employees “who reported five or more changes at work were 13 times more likely to be highly resilient. This suggests that we humans fear the unknown more than we fear change. Company leaders shouldn’t rush employees back to normalcy when so much of the danger inherent in this current “normalcy” remains unknown and unknowable. Instead, leaders should tell their teams specifically what changes they are making to their work and why to increase their overall level of resilience.”

These findings suggest that every CCO and compliance professional must work to lessen or even dissolve the disconnect between senior leadership and front-line workers. It is your front-line business folks who will make or break your compliance program. Getting your senior management more engaged will begin to create and establish the trust that your employees will need to show resilience in the face of the next major business location, whether it is a pandemic or military invasion. Giving employees needed clarity and specificity from leaders, not sugarcoated enthusiasm, will help drive this trust. The author ended by taking this concept a step further by stating, “Leaders need to see their employees not as “labor” but as the messy, complex, emotional beings they are — dealing with real-world human challenges, just like they are. The more that leaders can infuse these findings in their organizations’ policies and practices, the more likely we will all be to flourish, both during these difficult times and beyond.”

Categories
Blog

The CCO and Board Refreshment

Boards of Directors are coming under increased legal and regulatory scrutiny. Courts in Delaware, from the Delaware Court of Chancery to the Delaware Supreme Court, have continued to refine and expand the Caremark Doctrine. Boards are on notice they must actively engage in compliance and risk management oversight. One of the continuing challenges for boards in this era of increasing responsibility is getting the right persons on boards. I was therefore interested in a recent MIT Sloan Management Review article, entitled Meet the New Board — Same as the Old Board, where authors Cynthia E. Clark and Jill A. Brown posit that many companies are just going through the motions of recruiting more diverse board members. Moreover, they advocate the time is now to get serious about board refreshment.

In addition to these new legal requirements, other stakeholders are pushing for public companies to refresh their boards to achieve greater diversity. Shareholders have been leading the way at least a dozen public company boards since mid-2020, “accusing them of failing to broaden out with greater diversity.” Institutional investors and investment managers such as BlackRock, Inc. have voted “against more than 1,800 directors at close to 1,000 companies for insufficient action to increase board diversity.” The proxy advisory firm Institutional Shareholder Services Inc. “now recommends withholding votes from, or voting against, directors with nominating or governance roles on boards that don’t have at least one non-White director and at least one woman.” Finally, the Nasdaq Exchange, with the approval of the Securities and Exchange Commission (SEC), “will soon require listed companies to have at least two demographically diverse directors (or explain why they don’t).”

Yet board refreshment and diversity is not simply something driven by regulators or changes in the law. The authors believe, “diverse boards representing a broader range of experience may be better able to quickly navigate volatile business environments and unexpected disruptions, such as a global pandemic.” They cite to “recent data from BoardReady, a nonprofit group that promotes corporate diversity, found a positive correlation between the diversity of S&P 500 boards and revenue growth during the pandemic.” So, if the law, regulators, stakeholders and the market all believe in board refreshment, why is not this effort moving forward with greater speed and urgency?

The authors found two key reasons why many companies still struggle to appoint directors who are women, people of color, or members of other underrepresented groups. (1) They found “that corporations go through the motions of refreshment but ultimately accomplish little, replacing an outgoing director with someone similar rather than with a person who has a different professional background, identity, or perspective.” (2) Perhaps not too surprisingly, they also “found that the independence of the board’s nominating committee is often compromised by substantial CEO influence over the process, perpetuating a tendency to select directors who reflect the opinions, and often the identity, of senior management.” When these factors converge, board independence and effectiveness in overseeing management of the company is compromised, which can negatively impact corporate performance.

The authors developed four actions which they believe can allow a company to turn around these areas in board refreshment. How can boards avoid these pitfalls and achieve meaningful refreshment? Leaders who want to change the culture of the board should take the following actions.

Diversity of identity and thought

Obviously, there are certain easily verifiable and achievable standard boards can articulate around diversity, including gender, race, and other such attributes. They can then evaluate nominees against that definition and for diversity of through as well. As the Compliance Evangelist, it would surprise you that I believe more former Chief Compliance Officers (CCOs) and compliance professionals should be nominated to boards. The same is true in other areas of risk management, cyber, export controls and trade sanction and even supply chain. The authors state, “Boards should also encourage nominees to talk about what type of diversity they believe they would bring to the board.” Documenting these actions will serve companies well, as multiple stakeholders are increasingly demanding public disclosure of this documented  information.

Refresh frequently

It is clear that a long-standing board is not the best system to have in place as members gradually lose effectiveness and long “tenures tend to compromise the true nature of director independence.” This leads the authors to suggest boards “set earlier mandatory retirements and shorter term limits.” Some investors oppose the re-election of directors who have served on a board for more than nine years, while others may limit service to seven years. Interestingly, the authors note, “in industries where business models and operational contexts change fast, tenures might need to be even shorter.” Rotation of members and a staggered hiring tenure can also be used.

Limit CEO involvement

Given the negative impact of a Chief Executive Officer (CEO) in the process of selection, it is not too surprising the authors posit “the CEO should not have a vote in the hiring decision, implied or otherwise.” To enhance this position, they also write, “We think boards could normalize the use of executive sessions and reduce any stigma associated with them by holding them more frequently, including when evaluating director candidates.” They noted the “New York Stock Exchange (NYSE) requires executive sessions once a year and Nasdaq at least twice a year, although neither specifies that the sessions be used in the nominee search and hiring process.”

Changing culture

Every CCO and compliance professional who has dealt with a board understands refreshment and corporate culture are tied together. The very act of refreshing an old, stagnant board with new people and ideas changes the culture of a board. That change permeates down into an organization. It is almost axiomatic that “A group of directors with similar experiences, opinions, skills, and identities will naturally tend toward consensus much too often.”

A CCO should work to get directors “to think about and freely discuss the existing board culture, including their own behavior and whether it needs to change.” You could also encourage a board to hire “a consultant to help diagnose and possibly change your board culture.” Finally, work to  “Encourage board members to voice their opinions, especially when they challenge the consensus.” As with most things in life, if you do what you did, you get what you got. The same is true for boards. If you replace one old white guy who was an executive in your industry with another old white guy who also is from the same industry, you have not refreshed your board member, you have simply replaced one for another. In this time of near constant change, boards need to be able to respond quickly and nimbly. That is going to take new blood into your Board of Directors.

And do not forget the ‘G’ in ESG.